this post was submitted on 17 Jul 2023
421 points (88.6% liked)
Programmer Humor
32361 readers
373 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I encourage you to think critically about this and re-evaluate your decision. I would say that for at least 99.99% of people a password manager is significantly more secure overall.
For most people phishing is a far bigger risk than some malware stealing their local password databases. To make database theft even less of a concern most password managers have the option to encrypt the local database file. This means that to steal your passwords the malware will need to extract the encryption key from the password manager process which can often be configured to forget the key quickly after the last use.
Also consider that if you have malware that can steal your password database and the encryption key it can probably just keylog all your passwords or steal your browser's cookie jar. So the extra barrier here is minimal.
I think you are right to be suspicious of having a vault of passwords "ready to steal" but in practice the upsides far outweigh the downsides, especially if you make a security-focused choice of password manager.